# AI Editor RSP Hero Optimization — Compliance Pre-Recheck

- Task: t_55f52f86
- Role: 墨盾 / Compliance Recheck
- Date: 2026-06-03 UTC
- Project: /root/projects/aieditorrsp
- Production: https://aieditorrsp.net
- Screenshot: /root/.hermes/image_cache/img_f1c401f16193.jpg
- Verdict: COMPLIANCE_CONDITIONAL

## Conclusion

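Frontend implementation may proceed, but the first-screen copy for login, payment, credits, and provider status must be tightened. The current first screen has no P0 legal blocker, but it carries P1 compliance/misleading-claim risk: packing login, Pro checkout, credit pack, a hard-coded free quota, `SYSTEM READY`, `HD_MODE`, and the provider flow into the first screen makes it easy for users to conclude that the full production chain has been verified end to end and that output quality/specification is settled.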

This task does not change code; it only sets constraints.

## Evidence checked

### Input brief

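Read: `/root/.hermes/reports/aieditorrsp-hero-optimization-20260603/input-brief.md`

Key constraints:
- Owner feedback: the right-hand tool area is too long and the first-screen proportions are unbalanced.
- Product pre-audit: PM_NO_GO.
- Compliance constraint: if provider/Stripe/DB/login have not all been verified in production, do not write `live billing`, `checkout live`, or `paid checkout live`; do not hard-code quota; do not promise high-resolution exports; pricing/terms/refund/privacy wording must be consistent.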

### Screenshot evidence

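Visible in the first screen of the screenshot:
- The top bar has `SIGN IN` and `GET STARTED`.
- The right-hand editor panel has `SYSTEM READY`, `HD_MODE`, and `2 free generations left today`.
- The lower part of the first screen exposes `ACCOUNT CREDITS` and `Use free previews, or sign in for checkout`.
- The paid-button area is cropped at the bottom of the first screen, but the source of risk is visible: Login/checkout/Pro/credits are pulled forward into the first screen.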

### Production/source checks

- `git rev-parse HEAD`: `ce2f1837c58e968d9ed84788f15dada803346ce4`
- Production routes checked by curl: `/`, `/pricing`, `/privacy`, `/terms`, `/refund`, `/cookie-policy`, `/contact`, `/api/credits`, `/api/health`
- `/api/credits` production returned:
  - `paid_enabled: true`
  - `daily_limit: 2`
  - anonymous `free_remaining: 2`
  - checkout links for monthly/yearly/credit_pack
- Anonymous checkout routes redirect to Google login before Stripe:
  - `/api/checkout/stripe?plan=monthly` -> `/api/auth/login?...`
  - `/api/checkout/stripe?plan=yearly` -> `/api/auth/login?...`
  - `/api/checkout/stripe?plan=credit_pack` -> `/api/auth/login?...`
- Google login redirect starts correctly and sets secure HttpOnly OAuth state cookie.
- Source checkout route config includes `automatic_tax[enabled]=true`, `billing_address_collection=required`, `tax_id_collection[enabled]=true`.
- No authenticated end-to-end paid checkout, provider success, DB credit grant, or refund flow was run in this task.

## Compliance issues

### P1-COMP-001 — Hard-coded free quota in hero

Evidence:
- Production `/` contains `2 free generations left today`.
- Screenshot shows this as a static-looking pill in the first screen.
- Source: `src/components/ProductPreviewEditor.tsx:165` hard-codes `2 free generations left today` in home hero.

Risk:
- If quota is exhausted, changed by env, region-specific, user-specific, or temporarily unavailable, the hero misstates entitlement.
- This directly conflicts with the brief: “do not hard-code quota”.

Required constraint:
- Remove hard-coded quota from hero.
- Acceptable copy:
  - `Free previews are capped daily.`
  - `Credits are checked when you generate.`
  - If dynamic API state is used, render only after `/api/credits` loads, with unavailable/error fallback.

### P1-COMP-002 — Paid/account checkout panel appears in first screen

Evidence:
- Screenshot shows `ACCOUNT CREDITS` and `Use free previews, or sign in for checkout` in the first screen bottom area.
- Browser snapshot confirms first hero status panel contains `LOGIN WITH GOOGLE`, `PRO MONTHLY`, `PRO YEARLY`, `CREDIT PACK` links.
- Product contract says Account Credits / Login with Google / Pro monthly/yearly/Credit pack should not appear in first screen.

Risk:
- Prematurely turns a first-use editor demo into a billing/account claim.
- Increases mismatch risk if checkout/provider/login is not fully verified.

Required constraint:
- Remove `CreditAccountPanel` from home hero idle state.
- Keep login only in top nav or post-quota/post-generate states.
- Move Pro monthly/yearly/credit pack CTAs to `/pricing` and quota-exhausted state only.

### P1-COMP-003 — “Live billing” / paid checkout wording must be gated by E2E evidence

Evidence:
- `/pricing` contains `live billing` and BillingDisclosure says `Paid checkout, subscriptions, and credit packs are live for authenticated users`.
- Production API and redirects indicate paid path is configured, but this task did not verify authenticated Stripe Checkout completion, webhook grant, receipt, cancellation, or refund path.

Risk:
- “Live billing” is a stronger claim than “available after login” or “processed by Stripe”. If backend credentials, webhook, DB grants, or test-mode/live-mode are not fully verified, it can mislead users and create support/payment disputes.

Required constraint:
- For hero optimization, do not add or surface “live billing”, “checkout live”, “paid checkout live” in first screen.
- Preferred safer copy:
  - `Paid plans are handled through Google login and Stripe Checkout.`
  - `Tax and total are shown before payment.`
  - `Subscriptions and credit packs are account-based.`
- Keep “live” wording only if a paid-launch QA artifact proves authenticated checkout + webhook + credit grant + receipt/account state.

### P1-COMP-004 — Provider readiness wording is too absolute for hero

Evidence:
- Hero shows `SYSTEM READY`.
- Source shows pending state copy: `Starting provider generation` and `server-side fal processing`.
- Source has error states for `PROVIDER_NOT_CONFIGURED`, `PROVIDER_FAILURE`, and “No credits were charged by this site.”

Risk:
- `SYSTEM READY` can imply the generation provider is always available. Provider failures and configuration failures are known possible states.

Required constraint:
- Replace absolute readiness language with conditional/status-neutral wording.
- Acceptable copy:
  - `Editor ready`
  - `Upload ready`
  - `Provider checked on generate`
  - `Generation runs server-side when available`
- Error copy must continue to say no site credits charged when provider fails before usable result.

### P1-COMP-005 — `HD_MODE` / high-resolution export promise risk

Evidence:
- Hero prompt metadata shows `HD_MODE`.
- Production `/` contains `high-resolution` once in lower workflow copy: `Download high-resolution exports...`
- Brief says do not promise high-resolution exports unless verified.

Risk:
- “HD” and “high-resolution exports” are output-quality/spec claims. If provider output dimensions, upscaling, retention, or download behavior are not guaranteed, the claim is too strong.

Required constraint:
- Remove `HD_MODE` from hero metadata unless actual output resolution policy is defined and verified.
- Replace `high-resolution exports` with safer copy:
  - `Open or download the generated result when available.`
  - `Export/download the provider result when available.`
- Do not imply upscaling, print-quality, or guaranteed resolution.

### P2-COMP-006 — Policy consistency is broadly aligned but needs final post-fix scan

Evidence:
- `/privacy`, `/terms`, `/refund`, `/cookie-policy`, `/contact` all return 200.
- Current legal pages consistently disclose Google login, Stripe, Stripe Tax, credits, provider processing, safety limits, support email.
- No stale disabled-payment phrases were found in production scan: `paid checkout is disabled`, `PLANNED / DISABLED`, `provider pending`, `not enabled yet`, `full commercial license`.

Residual risk:
- If hero implementation removes billing/account copy but legal/pricing remain stronger than the verified E2E state, the final compliance recheck must decide whether pricing/legal can keep paid-live language.

Required final scan:
- Re-scan `/`, `/pricing`, `/privacy`, `/terms`, `/refund`, `/cookie-policy` after implementation for:
  - stale disabled-payment copy
  - hard-coded quota in hero
  - `live billing` / `checkout live` on hero
  - `HD_MODE`, `high-resolution`, `unlimited`, `guaranteed`
  - mismatch between pricing, terms, refund, privacy
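
One way to automate the phrase part of this re-scan, as an added example that is not the project's own tooling. The phrase lists come from this report; the rule names, the choice to treat all of `/` as hero scope, and the sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Phrases come from this report; rule names and grouping are assumptions.
STALE = ["paid checkout is disabled", "PLANNED / DISABLED", "provider pending",
         "not enabled yet", "full commercial license"]
SPEC_CLAIMS = ["HD_MODE", "high-resolution", "unlimited", "guaranteed"]
HERO_ONLY = ["live billing", "checkout live"]
QUOTA_RE = re.compile(r"\b\d+\s+free generations? left today\b", re.I)

class _Text(HTMLParser):
    """Collect visible text; skip is True only while inside <script>/<style>."""
    def __init__(self):
        super().__init__()
        self.parts, self.skip = [], False
    def handle_starttag(self, tag, attrs):
        self.skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = False
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def visible_text(html):
    parser = _Text()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.parts).split())

def scan_page(route, html):
    """Return sorted (route, rule, phrase) findings for one page."""
    text = visible_text(html)
    low = text.lower()
    hits = [(route, "stale-payment-copy", s) for s in STALE if s.lower() in low]
    hits += [(route, "spec-claim", s) for s in SPEC_CLAIMS if s.lower() in low]
    if route == "/":  # hero rules: the whole home page is treated as hero scope
        hits += [(route, "hero-billing-claim", s) for s in HERO_ONLY if s in low]
        hits += [(route, "hard-coded-quota", m.group(0)) for m in QUOTA_RE.finditer(text)]
    return sorted(hits)

def scan_all(pages):
    return [hit for route, html in pages.items() for hit in scan_page(route, html)]

# Constructed sample pages, not fetched from production.
SAMPLES = {
    "/": "<main><span>SYSTEM READY</span><span>HD_MODE</span>"
         "<p>2 free generations left today</p><script>var x='unlimited'</script></main>",
    "/pricing": "<main><p>Free previews are capped daily.</p></main>",
}
```

A hit is a prompt for review, not a verdict: `unlimited` inside "No unlimited generation claim" is flagged too, and the pricing/terms/refund/privacy mismatch check still needs a human read.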

## Implementation constraints for next agent

Do:
- Keep H1 and SEO paragraph semantics from the input brief.
- Keep upload → prompt/template → generate as the only first-screen task.
- Keep top-nav `Sign In` acceptable as the only login entry in first screen.
- Use dynamic or generic credit language, not hard-coded quota.
- Move billing/plan CTAs out of hero into `/pricing` or quota-exhausted state.
- Preserve server-side provider disclosure, but avoid always-ready claims.
- Use capped/limited wording for credits and no unlimited claims.

Do not:
- Do not show `Account Credits`, `Login with Google`, `Pro monthly`, `Pro yearly`, or `Credit pack` inside home hero idle state.
- Do not write `live billing`, `checkout live`, `paid checkout live` in the optimized hero.
- Do not hard-code `2 free generations left today` in the hero.
- Do not use `HD_MODE` unless verified by actual output spec.
- Do not promise `high-resolution exports`, guaranteed results, unlimited generations, or provider uptime.
- Do not weaken safety copy around celebrity, political, non-consensual, or third-party-rights infringing edits.

## Pricing / Terms / Refund / Privacy consistency constraints

Pricing must match:
- Free: capped previews; no saved receipts/paid credits for anonymous users.
- Pro monthly/yearly/credit pack: available after Google login and Stripe Checkout.
- Tax: shown before payment by Stripe/Stripe Tax if enabled.
- No unlimited generation claim.

Terms must match:
- User must own or have rights to upload/edit images.
- Generated output depends on prompt, source image, provider availability, and safety checks.
- Credits and subscriptions are capped.
- No guarantee of usable result for every prompt.

Refund must match:
- Failed provider generation before usable result should not consume paid credits.
- Consumed credits generally not refundable unless confirmed platform error.
- Refund request path: support@aieditorrsp.net.
- Cancellation stops future renewals; prior successful usage not automatically refunded.

Privacy must match:
- Google login, uploaded images, prompt text, provider processing, credits/usage records, Stripe order identifiers, support messages, Cloudflare/Plausible/optional GA4/Clarity if configured.
- Provider keys stay server-side.
- Temporary result URLs may be used.
- Retention/deletion requests go to support@aieditorrsp.net, with legal/tax/security retention carve-out.

Cookie Policy must match:
- OAuth/session/checkout cookies are essential.
- Stripe may set cookies during Checkout.
- Analytics disclosures must reflect actual configured analytics.

## Verdict

COMPLIANCE_CONDITIONAL

Reason: no immediate legal P0 blocking frontend hero optimization, but implementation must remove or soften the first-screen account/payment/quota/provider/HD claims before final compliance can pass.

## Checks run

- Read Kanban task `t_55f52f86`.
- Loaded `projects/site-qa` skill.
- Loaded `compliance-docs-pipeline` skill.
- Read input brief.
- Inspected attached screenshot.
- Inspected source files:
  - `src/app/page.tsx`
  - `src/components/ProductPreviewEditor.tsx`
  - `src/components/CreditAccountPanel.tsx`
  - `src/components/StitchStudio.tsx`
  - `src/components/PublicPages.tsx`
  - `src/app/pricing/page.tsx`
  - `src/app/privacy/page.tsx`
  - `src/app/terms/page.tsx`
  - `src/app/refund/page.tsx`
  - `src/app/cookie-policy/page.tsx`
  - `src/app/api/credits/route.ts`
  - `src/app/api/checkout/stripe/route.ts`
  - `src/app/api/webhooks/stripe/route.ts`
- Production HTTP/text scan:
  - `/`
  - `/pricing`
  - `/privacy`
  - `/terms`
  - `/refund`
  - `/cookie-policy`
  - `/contact`
  - `/api/credits`
  - `/api/health`
- Browser snapshot of production home hero.
- Anonymous checkout redirect smoke for monthly/yearly/credit_pack.
- Google OAuth redirect smoke.

## Residual risk

- Authenticated paid checkout and webhook credit grant were not E2E tested in this task.
- Provider successful generation was not E2E tested in this task.
- The final compliance recheck must run after frontend implementation and deployment.
- If final implementation changes pricing/legal copy, consistency must be re-scanned.

## Next inputs

For the final compliance recheck, provide:
- Deployed production URL after frontend implementation.
- Commit SHA of implementation.
- Any paid-launch QA artifact proving authenticated Stripe Checkout + webhook + credit grant + account state, if “live billing” language is retained outside the hero.
- Any provider-generation QA artifact proving successful generation and output/download behavior, if HD/high-resolution/export claims are retained anywhere.
